#!/bin/sh

if [ "$2" = "" ]
then
	echo "Usage ./createCA.sh caPassword truststorePassword"
	exit
fi

caPassword=$1
truststorePassword=$2

# Delete any old files
rm ca.pem
rm ca.p12
rm ca.cert
rm truststore.jks

# Generate the CA keypair, and export to pem format
keytool -genkeypair -keystore ca.p12 -storetype pkcs12 -storepass $caPassword -alias ca -keypass $caPassword -keyalg RSA -keysize 2048 -sigalg SHA1withRSA -dname "cn=CS6238CA, ou=none, o=none, L=none, S=none, c=BG" -validity 3650 -v
openssl pkcs12 -in ca.p12 -out ca.pem -password pass:$caPassword -passout pass:$caPassword

# generate a new keystore, and delete the key - this is to create an empty keystore, which will be the truststore
keytool -genkey -alias foo -keystore truststore.jks -storepass $truststorePassword -keypass $truststorePassword -dname "cn=none, ou=none, o=none, L=none, S=none, c=none" 
keytool -delete -alias foo -keystore truststore.jks -storepass $truststorePassword
keytool -export -alias ca -file ca.cert -keystore ca.p12 -storetype pkcs12 -storepass $caPassword
keytool -importcert -trustcacerts -alias ca -file ca.cert -keystore truststore.jks -storepass $truststorePassword 

rm ca.p12
